From owner-freebsd-bugs@FreeBSD.ORG  Mon Dec 21 13:00:16 2009
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 251F01065694
	for <freebsd-bugs@hub.freebsd.org>;
	Mon, 21 Dec 2009 13:00:16 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 5F4708FC25
	for <freebsd-bugs@hub.freebsd.org>;
	Mon, 21 Dec 2009 13:00:15 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id nBLD0Fdo012323
	for <freebsd-bugs@freefall.freebsd.org>; Mon, 21 Dec 2009 13:00:15 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.3/8.14.3/Submit) id nBLD0EIi012320;
	Mon, 21 Dec 2009 13:00:15 GMT (envelope-from gnats)
Resent-Date: Mon, 21 Dec 2009 13:00:15 GMT
Resent-Message-Id: <200912211300.nBLD0EIi012320@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Andrey Zonov <andrey.zonov@gmail.com>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 57734106566C
	for <freebsd-gnats-submit@FreeBSD.org>;
	Mon, 21 Dec 2009 12:59:35 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 4734C8FC1A
	for <freebsd-gnats-submit@FreeBSD.org>;
	Mon, 21 Dec 2009 12:59:35 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id nBLCxZFS040935
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 21 Dec 2009 12:59:35 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id nBLCxYPM040934;
	Mon, 21 Dec 2009 12:59:34 GMT (envelope-from nobody)
Message-Id: <200912211259.nBLCxYPM040934@www.freebsd.org>
Date: Mon, 21 Dec 2009 12:59:34 GMT
From: Andrey Zonov <andrey.zonov@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Cc: 
Subject: misc/141840: OpenSSH allow raise resource limit via .login_conf
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Dec 2009 13:00:16 -0000


>Number:         141840
>Category:       misc
>Synopsis:       OpenSSH allow raise resource limit via .login_conf
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Dec 21 13:00:14 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Andrey Zonov
>Release:        7.2-STABLE, 8.0-STABLE
>Organization:
>Environment:
FreeBSD x.xxx.ru 7.2-STABLE FreeBSD 7.2-STABLE #0 r198488:198490M: Mon Oct 26 17:57:34 MSK 2009     root@x.xxx.ru:/opt/obj/opt/usr/SVN/7/sys/kernel  amd64
>Description:
Via OpenSSH and .cogin_conf may raise resource limit on 7.2-STABLE, 8.0-STABLE.
>How-To-Repeat:
1. Add new login class in /etc/login.conf

test:\
        :cputime=1h:\
        :tc=default:

2. Make db

# cap_mkdb /etc/login.conf

3. Change login class for your account

# pw usermod $login -L test

4. Connect via ssh to this host by $login and execute `limits -a'

$ limits -a
Resource limits (current):
  cputime                  3600 secs
  filesize             infinity kB
  datasize               524288 kB
  stacksize               65536 kB
  coredumpsize         infinity kB
  memoryuse            infinity kB
  memorylocked         infinity kB
  maxprocesses             3603
  openfiles                7207
  sbsize               infinity bytes
  vmemoryuse           infinity kB
  pseudo-terminals     infinity
  swapuse              infinity kB

5. Create ~/.login_conf

me:\
        :cputime=2h:

6. Connect again to this host and execute `limits -a'

$ limits -a
Resource limits (current):
  cputime                  7200 secs
  filesize             infinity kB
  datasize               524288 kB
  stacksize               65536 kB
  coredumpsize         infinity kB
  memoryuse            infinity kB
  memorylocked         infinity kB
  maxprocesses             3603
  openfiles                7207
  sbsize               infinity bytes
  vmemoryuse           infinity kB
  pseudo-terminals     infinity
  swapuse              infinity kB

In 6.4-RELEASE-p6 it does not work and it is correct behavior!
>Fix:
Workaround.
Add "UseLogin yes" in sshd_config and restart sshd

>Release-Note:
>Audit-Trail:
>Unformatted: